Sunday, December 18, 2011

Type Metode Load Balancing

Load Balancing pada mikrotik dapat dilakukan dengan beberapa metode

1. NTH load balancing with masquerade
Untuk metode ini dns mikrotik harus sama dengan dns di client. Jika tidak load balancing tidak akan jalan
 A. Penggunaan di Mikrotik versi 2.xx
- Pada mikrotik versi 2.xx, Definisi NTH-nya adalah NTH=Every,Counter,Packet  contoh : nth=1,1,0 . 1,1,1 . 1,1,2

Contoh implementasi pada 3 koneksi :

/ip firewall mangle

add chain=prerouting in-interface=lan connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes comment=”Load Balancing” disabled=no
add chain=prerouting in-interface=lan connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment=”" disabled=no
add chain=prerouting in-interface=lan connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes comment=”" disabled=no
add chain=prerouting in-interface=lan connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment=”" disabled=no

add chain=prerouting in-interface=lan connection-state=new nth=1,1,2 action=mark-connection new-connection-mark=last passthrough=yes comment=”" disabled=no
add chain=prerouting in-interface=lan connection-mark=even action=mark-routing new-routing-mark=last passthrough=no comment=”" disabled=no

/ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=172.16.0.2(ip mikrotik ke modem1) to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=172.16.1.2 (ip mikrotik ke modem 2 ) to-ports=0-65535 comment="" disabled=no 
add chain=srcnat connection-mark=last action=src-nat to-addresses=172.16.2.2 (ip mikrotik ke modem 3 ) to-ports=0-65535 comment="" disabled=no 

/ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=255 target-scope=10 routing-mark=odd comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.16.1.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.16.2.1 scope=255 target-scope=10 routing-mark=last comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=255 target-scope=10 disabled=no comment="gateway for the router itself"

 B. Penggunaan di Mikrotik versi 3.xx - 4.xx-Pada mikrotik versi 3.xx dan 4 keatas, Definisi NTH-nya adalah NTH=Counter,Packet contoh : NTH=3,1 . 3,2 . 3,3 atau bisa juga NTH=3,1 . 2,1 . 1,1
Contoh implementasi pada 2 koneksi NTH=2,1 . 2,2 bisa juga NTH=2,1 . 1,1 :
/ip firewall mangle
Jika menambahkan persistent user sessions:
 add chain=prerouting src-address-list=odd in-interface=lan action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=lan action=mark-routing new-routing-mark=odd

add chain=prerouting src-address-list=even in-interface=lan action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=lan action=mark-routing new-routing-mark=even

Tanpa persistent user sessions hilangkan rule yang merah
 add chain=prerouting in-interface=lan connection-state=new nth=2,1 action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=lan action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes
add chain=prerouting in-interface=lan connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no

add chain=prerouting in-interface=lan connection-state=new nth=2,2 action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting in-interface=lan action=add-src-to-address-list address-list=even address-list-timeout=1d connection-mark=even passthrough=yes
add chain=prerouting in-interface=lan connection-mark=even action=mark-routing new-routing-mark=even passthrough=no

(Persistent user)Untuk menghindari ip sama pada list address odd dan event tambahkan rule berikut :
add chain=prerouting in-interface=lan connection-state=new nth=2,1 src-address-list=!even action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=lan connection-state=new nth=2,2 src-address-list=!odd action=mark-connection new-connection-mark=even passthrough=yes

/ ip firewall nat
add chain=srcnat out-interface=speedy1 action=masquerade
add chain=srcnat out-interface=speedy2 action=masquerade

/ ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=255 target-scope=10 routing-mark=odd
add dst-address=0.0.0.0/0 gateway=172.16.1.1 scope=255 target-scope=10 routing-mark=even

add dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=255 target-scope=10 comment="gateway for router"

2. ECMP (Equal Cost Multi-Path) load balancing with masquerade

Yang perlu diperhatikan disini bagaimana mikrotik terkoneksi dgn internet, misalnya jika salah satu modem melakukan dial-up ke internet, maka modem yang lain harus diset dial-up juga tidak bridge. Begitu juga jika mikrotik diset  melakukan dial-up ke speedy (pppoe), maka kedua koneksi harus didial-up oleh mikrotik ( kedua modem diset bridging). 

/ip firewall mangle

add chain=input in-interface=speedy1 action=mark-connection new-connection-mark=speedy1_conn
add chain=input in-interface=speedy2 action=mark-connection new-connection-mark=speedy2_conn
add chain=output connection-mark=speedy1_conn action=mark-routing new-routing-mark=to_speedy1   
add chain=output connection-mark=speedy2_conn action=mark-routing new-routing-mark=to_speedy2
/ ip firewall nat
add chain=srcnat out-interface=speedy1 action=masquerade
add chain=srcnat out-interface=speedy2 action=masquerade
/ ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1 routing-mark=to_speedy1
add dst-address=0.0.0.0/0 gateway=172.16.1.1 routing-mark=to_speedy2

Rule dibawah ini akan mengaktifkan failover effect
add dst-address=0.0.0.0/0 gateway=172.16.0.1,172.16.1.1 check-gateway=ping

Jika bandwith 2 koneksi tersebut berbeda misal yang satunya 2 mb dan satu lagi 10 mb maka digunakan asymmetric bandwidth links dgn perbandingan 1:5. Penerapannya sbb:

add dst-address=0.0.0.0/0 gateway=172.16.0.1,172.16.1.1,172.16.1.1,172.16.1.1,172.16.1.1,172.16.1.1 check-gateway=ping

3. Load balancing dgn policy routing berdasarkan ip address client
Maksudnya disini jika kita mempunyai 2 koneksi . Maka 2 koneksi itu akan dibagi ke client menjadi 2 kelompok, misalnya ; 192.168.1.1 - 192.168.1.3 akan dirouting ke speedy1 dan 192.168.1.4 - 192.168.1.6 akan dirouting ke speedy2

/ip firewall address-list
add address=192.168.1.1 disabled=no list=ipwarnet
add address=192.168.1.2 disabled=no list=ipwarnet
add address=192.168.1.3 disabled=no list=ipwarnet
add address=192.168.1.4 disabled=no list=ipwarnet2
add address=192.168.1.5 disabled=no list=ipwarnet2
add address=192.168.1.6 disabled=no list=ipwarnet2

/ip firewall mangle
add chain=prerouting src-address-list=ipwarnet action=mark-routing new-routing-mark=speedy1 comment="ke speedy1"
add chain=prerouting src-address-list=ipwarnet2 action=mark-routing new-routing-mark=speedy2 comment="ke speedy1"

/ip firewall nat
- add action=masquerade chain=srcnat comment="default configuration" disabled=no

/ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1 routing-mark=speedy1
add dst-address=0.0.0.0/0 gateway=172.16.1.1 routing-mark=speedy2

4. Load Balancing menggunakan PCC method ( not tested yet ) di RB750

Source : http://aacable.wordpress.com
Load Balance menggunakan PCC ( per-connection-classifier)dengan both addresses and ports sebagai classifier ( bisa juga dgn src-address sebagai classifier )
===============================================
/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
 
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
=======================================================

Jika bandiwth wan berbeda misalnya wan1 = 4 mbps dan wan2 = 8 mbps, 
dgn ratio 1:2 maka tambahkan rule PCC untuk marking koneksi di wan2 

/ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

PCC WITH HOTSPOT (Reference)

/ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth


No comments:

Post a Comment